Experiment on producing Ring 0 to Ring 3 transition shellcode in C for x64 / x86. Uses PsSetContextThread() to direct execution. Interrupt Request Level ( IRQL ) Migration From DISPATCH_LEVEL to PASSIVE_LEVEL is done via Work Items - View it on GitHub